‘Apex One’ – it’s difficult to think of a more confident, self-assured name for a new brand!

And it’s a brand on a mission, too – to take the burdensome management out of security. As the Apex One developers put it in their blog, this is about “detecting and blocking as many endpoint threats as possible, without manual intervention.”

This, in turn, translates into less pressure on security teams, lighter workload for security service providers, and less costly time and effort involved overall.

But is this a solution the channel will want to sell? Is it easy and profitable to deploy and manage? And what makes it different from (and better than) what went before?

You can read the full solution brief on our website, but meanwhile here’s our take on it.

Single agent: a game-changer?

Trend’s existing XGen technology already automates threat detection across security layers and endpoints, including PC, Mac and VDI.

But where even the most automated threat detection capability stumbles is the need to use multiple agents to deliver across different kinds of customer deployment – like cloud, on-premise, and hybrid.

Here, Apex One plays a blinder. It has a single agent that is consistent across all customer deployment types, significantly diminishing deployment and ongoing management overheads, and reducing the risk of automation being devalued by interruption.

Given the high proportion of enterprise clients who have complex hybrid environments, this has to be a winner!

Detection and remediation: all done for you!

But security channel partners and in-house security teams alike also need to be sure that what is being automated is the most effective way of dealing with the broadest possible range of threats. Inadequate protection delivered automatically is not a value-add!

Apex One appears to be well ahead of the curve here, however, because it focuses its automation not on preventing threats (an impossible aim), but instead on detecting and removing them.

Unknown or fileless threat? Machine learning and behavioural analysis will spot its threatening characteristics and take action.

Operating system vulnerability? Apex One creates its own virtual patches to prevent zero-day exploits from making it onto any endpoint.

And if you’re hearing echoes of EDR (Endpoint Detection and Response) at this point, it’s true that Apex One offers upsell potential into both Trend’s full EDR and MDR (Managed Detection and Response) solutions - but it’s also important to understand that what Trend have built here is in fact something quite distinct.

Whereas EDR tends fundamentally to be a noisy and manual process to manage (as we explained in this earlier post), automated detection and response - which is what Trend call it - neatly does much of it for you.

Manage, visualise, investigate – all in one place

The more you can understand about a threat, the more effective the measures you can take against it.

But the challenge is in corralling all the threat information – including user-based visibility, policy management, and log aggregation - into one place, in a way that makes sense of it.

Apex One has created a centralised console that enables exactly this, so although for some more detailed analysis a connection to an optional EDR dashboard is necessary, visualisation, investigation and reporting are already built into its standard configuration, adding an inbuilt layer of insight that other solutions don’t have.

Conclusions: is Apex One the peak of security for channel partners?

Everyone likes a great name and a strong story, and Apex One has got both in spades – not least because it is in fact essentially the new brand name for the existing Trend endpoint security solution within its Smart Protection Suites solutions family.

But this is not some kind of rebadging exercise to revive a flagging solution – because Trend’s endpoint solution isn’t flagging. Just the opposite, in fact: it has received high praise from industry analysts like Gartner year after year, including in 2018.

But coupling it with a single agent shows that there’s a strategic endgame in mind: to make Trend’s endpoint security solutions as effortless as possible to use across every client environment – and therefore very hard to displace.

For end-clients and channel partners alike – and particularly existing Trend Micro OfficeScan users, who will receive Apex One as a regular update at no additional cost - that’s a rebrand that will deliver far more than just a new name and a shiny logo.

Which security trends are hottest, as seen by resellers and service providers themselves? As the sun blazed, we asked our network to pick some shining examples.

What’s hot and what’s not? In the recent heat, it seems like the answer has been “everything” and “nothing” respectively!

So, as the air-con went into overdrive, we decided to cool down with a quick summer straw poll of some of our resellers, MSPs, staff and consultants on what they believe to be the security trends of the season.

“Layered security is smokin’!”

This is how one partner responded, and his opinion is echoed by commentators in the industry media.

This CSO Online article, for example, urges businesses to “create multiple layers of security in order to address a wide variety of security concerns.”

IT ProPortal, for its part, includes in its predictions for IT changes in 2018 “the urgent need for continuous visibility and layered security…”.

Layered security is moving rapidly up the temperature gauge because it’s being driven by unstoppable usage that puts many day-to-day IT processes outside the traditional security perimeter (cloud applications, home and mobile working, the use of often unauthorised personal devices, etc.).

So, there now have to be dedicated defences and threat analysis at the level of each IT layer - including web gateway, endpoints, email, applications, and more.

It’s worth mentioning that within this layered security space, we’ve seen a pronounced emphasis on the Endpoint Detection and Response (EDR) element recently.

Bitdefender alone has launched two new endpoint protection platform solutions for resellers that feature EDR components (GravityZone Ultra Suite and GravityZone Elite), with MSP variants (GravityZone EDR and GravityZone ATS) also available.

Machine learning: red-hot and very cool

As a human, when it’s hot, the last thing you need is large volumes of unnecessarily repeated activity.

Yet this is how many security solutions have typically functioned.

Got multiple layers you need to secure? Then investigate the threats to each one in isolation, using a layer-specific security solution, every time.

Want Endpoint Detection and Response? Then manually sift through a constant tidal wave of alerts and false positives.

None of this is fun, which is why machine learning scored so highly as a hot topic in our poll. It introduces intelligence that simply makes security easier, and that’s cool.

Take the example of a threat or malware variant that can target multiple layers simultaneously. What machine learning makes possible is the sharing of security information across those layers, so that the characteristics of attacks that move between layers can be spotted early on, in one single, efficient process across the entire business or enterprise (Trend Micro’s Smart Protection Suites – SPS - are a great example).

Machine learning has revolutionised EDR, too, enabling it to neutralise even unknown threats at pre-execution stage (Bitdefender again). This vastly reduces the traditionally ‘noisy’ levels of alerts, essentially making EDR usable at long last!

Protecting data: an incendiary topic!

GDPR has made many businesses’ blood boil in recent times, so it’s not surprising that our poll respondents thought this topic to be an on-trend firestarter on many fronts!

Smouldering amongst the responses were how to protect data in email, how to stop sensitive data exiting an organisation, how to get data back when it’s been hacked or held hostage by ransomware, and how poor patching affects data security.

Perhaps the greatest issue of all, at least as seen by some of our contacts, is that no one security vendor appears to have an all-encompassing data compliance offering.

However, there are some interesting and effective solutions now available, as we recently explained in our GDPR Knowledge Brief series.

Ease of management: a burning priority for MSPs

Finally, when it comes to business performance, the heat is always on – which is why many of our MSP respondents wanted to raise the issue of how easy (or otherwise) it is to actually manage security solutions as a service.

From where we’re sitting, the trend here is encouraging. Security vendors are increasingly offering a ‘single pane of glass’ approach, in which their security services can all be managed, and in some cases deployed, from one centralised management console.

For service providers, this means less management and admin time needed, and therefore keener margins, as well as better quality of service delivery and, ultimately, higher customer satisfaction levels.

This article explains more, and draws the conclusion that “A unified platform that can manage all enterprise endpoints – virtual or physical – should be more than just ‘nice to have,’ but an actual ‘must have.’”

Plenty there, then, to stoke up a real security debate, whatever the weather!

But if you don’t agree with any of it, don’t get all hot under the collar – just get in touch and talk to us about it.

(We’re a pretty chilled bunch here…)

Endpoint Detection and Response (EDR) has become a Gartner buzzword. We point you to the kind of solution that will enable you to deliver it – profitably!

EDR – Endpoint Detection and Response - is the acronym currently setting the security industry a-buzz.

Industry analyst Gartner - who came up with the first EDR-type concept back in 2013 - has recently concluded that a more proactive alternative to simply attempting to block attacks is now needed, providing early detection, but also minimising dwell time and damage if an attack does indeed find a foothold. This is what EDR delivers.

It can – in theory – help service providers, resellers and other IT companies to climb the value chain by adding a valuable new layer of protection to customers’ security infrastructure.

But this is only worthwhile if the EDR solution is rapid to deploy, easy to use and manage, and profitable.

EDR is certainly powerful – but is it viable?

EDR done better, made profitable

The challenge up until now has been that EDR solutions are, by their nature, typically very ‘noisy’, generating high volumes of superfluous alerts that then have to be manually sifted through. In practical terms, this can make them almost unusable.

There’s the ‘complexity cost’ to consider, too. Most EDR solutions tend to rely on multiple agents, which are a significant management overhead for your customers (and - if you’re delivering EDR as a managed service - for you.)

So, noisy, difficult to use, highly manual, costly to manage – does EDR really offer anything to move you up that customer value chain?

The short answer is yes – because we’re now seeing smarter EDR solutions emerge that have already comprehensively overcome these shortcomings, taking a far less noisy and less manual operational approach that adds significant value both to what EDR delivers and how it delivers it.

Bitdefender: blazing a brave new EDR trail

Take a solution like Bitdefender’s GravityZone EDR, for example.

It has made it easy to add EDR to customers’ existing security infrastructure (thus increasing your revenues per customer), but with far less IT resource necessary on your part, and with vastly reduced management overheads.

How does it do this? Through a combination of six critical features that most EDR solutions simply don’t offer:

  1. Rapid deployment – Cloud-based, up and running in hours, not days.
  2. Simplification – One agent to manage, not many.
  3. Ease of use - A single, unified management console to control everything.
  4. Automated response and repair – No need for manual intervention - identified threats are removed automatically.
  5. Compatibility – Works with all existing solutions from the same family.
  6. Artificial intelligence and machine learning – Reduces the management overhead caused by unnecessary noise; learns to identify false alarms and trivial threats, enabling the EDR layer to focus on the real and dangerous.

Bitdefender calls this highly automated, intelligent approach to EDR ‘funnel-based’, and you can see immediately that it’s a clear departure from the existing noisy, manual EDR orthodoxy – and one that makes a much more attractive proposition to service providers, resellers and their customers alike.

EDR Funnel

But do customers even want EDR?

If we said customers’ demand for EDR is set to go stratospheric, we probably wouldn’t be exaggerating.

An EDR article in eSecurity Planet, for example, describes the growth in EDR as “explosive” and reports that Gartner's forecast “is for almost 50% annual growth for EDR at least through 2020, putting it way out in front of most areas of IT.”

This in turn points to a market value – again, according to Gartner’s EDR estimates - of some $1.5 billion (£1.14 billion) – extremely plausible when you consider that, according to eSecurity Planet, only 40 million EDR endpoints are currently installed, compared to the estimated 711 million desktop, laptop and other devices that can use the software!

And in this recent global EDR survey, 72% of respondents reported their teams already suffer ‘alert fatigue’ – strong evidence that the demand will ultimately be shaped by the availability of solutions like Bitdefender EDR that don’t fall into the ‘noisy and difficult to manage’ bracket.

The message from the market is clear: for service providers, resellers and other IT partners, EDR is a revenue boost waiting to happen.

Just make sure you choose to sell solutions that are actually usable!

When your customers move to cloud apps like Office 365, you need a plan to replace those revenue streams. Backup and cyber-security are in the frame.

The cloud is shaking up the IT services market.

Attracted by low costs, on-demand capacity and off-premise simplicity, businesses - your customers - are switching to cloud apps for everything from office and collaboration software (Office 365, SharePoint) to storage (Dropbox, Box) to sales and marketing (Salesforce) and much else besides.

In fact, by 2018 the typical IT department will have 60% of its apps and platforms residing in off-premise cloud systems, according to cloud research from IDG cited here, and this figure is even higher in smaller businesses with little or no in-house IT expertise.

So, with the move to cloud raining on your traditional IT services parade, is there a silver lining anywhere, and if so how do you cash in on it?

Break out the umbrellas and read on…

Earn revenue securing what cloud apps can’t

Call it a silver lining or call it an open secret, many cloud apps that are in enthusiastic business use across the world are in fact riddled with security issues.

In Office 365, for example, the security built into the application only protects against known malware – which is only about 10% of threats, according to this cloud app security information from Trend Micro.

Plus, 79% of ransomware attacks and over 90% of targeted attacks start with email – which, of course, is a big part of how your customers use cloud-delivered services like Office 365.

Put these two together and you have a recipe for (from your customers’ point of view) a GDPR catastrophe, but (from yours) a cloud that rains security revenues! This enables you to replace other IT services you became unable to deliver when your customers took their tech cloudward.

And the prospects for this market? Well, put it this way, cloud apps aren’t going away, and neither are the threats ranged against them. In fact, both are growing rapidly.

The global cloud apps market is expected to have grown from around £21.8 billion in 2014 to around £47.6 billion by 2019, according to a summary of cloud app market analysis from MarketsandMarkets.com.

Meanwhile, security vendor Malwarebytes reports in this white paper that the UK was the second-most targeted country in Europe for all types of malware in 2017!

So, time is of the essence. Go with a cloud app security solution that is rapid to deploy, requires no software or device changes or email rerouting management, is easy to manage through a centralised console, and comes in flexible licensing models enabling you to sell monthly or annually based on your requirements.

You could be putting a sunny face on your cloud app revenues sooner than you think!

Cloud data backup: stop mythmaking, start moneymaking!

But another critical cloud area you could be winning business in is cloud-to-cloud backup.

(“Huh?” I hear you say. “Isn’t data in cloud apps already backed up to, erm, the cloud? Isn’t that the point?”)

Well, that’s something of a myth. Yes, cloud apps keep backup copies, but this is not a robust or reliable backup and restore facility, simply because the data is purged - completely - after a number of days, never to be seen again.

Take the example of Office 365. Nominally, the data is backed up to Microsoft’s Azure servers – but this data is only available from the recovery folder for around 14 days. What if your customer’s data loss or ransomware infection predates that?

And what happens if data is overwritten or deleted in Salesforce due to user error or malicious insider intent, but not noticed until it’s too late?

These are huge operational and compliance issues for cloud apps users – but a great opportunity for you!

You can now deliver cloud-to-cloud backup services – that is, cloud app data backed up to an additional cloud location – to find, restore and export archived data in minutes, recover data from any point in time at any hierarchical level, and manage it all from a simple, intuitive interface (CloudAlly is a good example).

Best of all, with these solutions your customers benefit from an unlimited data retention period – so they never say goodbye to their data (and as you’re the one facilitating the backup, they might never say goodbye to you either!)

Forget silver – there’s pure gold in them thar clouds!

Patching is critical in defending your customers against vulnerabilities in everyday applications. It can now be automated from within security software, making it easier than ever to manage.

Think of all those vulnerable third-party applications your customers’ businesses basically run on. Can you rely on your humans to keep their patches up to date?

According to those involved in the recent Equifax debacle, for example, no! Break the human protocol, and the whole patching process falls apart. That’s terrifying when it’s been estimated that, overall, software exploits that target unpatched vulnerabilities account for 85% of all attack angles!

So, automating the patching process seems like a great idea, taking the cost, effort, disjointedness and sheer human fallibility out of keeping users protected against one of the most insidious forms of cyber-attack.

And, indeed, system management software (like the RMM solutions explored in this post) has arguably been doing this for a long time.

But wouldn’t it be neater, easier - and even cheaper – if this automated patching capability were simply built into the security software itself, rather than relying on an extraneous monitoring system? After all, we’re constantly being told patching is security!

Well, two vendors have listened.

Patching done the hard way

But before we look at what Heimdal Security and Bitdefender are offering (for they are the vendors in question), let’s contemplate just a few of the manual patching challenges faced by end-user businesses and their security partners every day:

  • Slowcoaching – As the Equifax issue shows, being slow off the mark to patch a vulnerability sharply increases the likelihood of falling victim to it, but timeliness is a difficult thing to sustain when workloads are heavy.
  • Proliferation – By definition, the applications requiring patching tend to be big-name office and productivity solutions, so they are not only highly ubiquitous but also available in many different versions (including legacy products). Managing these kinds of complex patching scenarios manually can create a massive drain on resources or – worse – a helpdesk meltdown!
  • Patch provenance – Obtaining patches from third-party websites is widespread practice, but does anybody seriously check the hashing of the patch with the hashing on the vendor’s website to make sure they’re downloading exactly what they think they are? Hmmm.
  • System workloads – Downloading and installing patches across large user populations can negatively impact core system workloads, ultimately resulting in disruption and loss of productivity.
  • Cost – Every manual process involved in managing or deploying a patch burns through expensive admin and management minutes. Manual patching, though critical, eats readily into margins.

Now let’s consider the alternative.

Automatic patching = business as usual

Between them, what Heimdal and Bitdefender have done is to turn pesky patching (reactive, unpredictable, requiring extraordinary resource) into everyday ‘business as usual’ practice – simply by automating it.

At a stroke, they have shifted third-party application security into the security layer (where it rightfully belongs), but in a way that it is easy (dare we say profitable?) to manage.

Here’s a snapshot of what this delivers:

  • Automatic patching of apps including Microsoft, Acrobat, Java, Flash and many more, with zero setup - and scheduling also possible.
  • Constant, instant protection – Heimdal checks for patches and updates every two hours and applies them from the moment they’re available.
  • Non-disruptive operation – The update process happens ‘silently’ in the background whilst users carry on their work; Bitdefender also makes clever use of caching to maximise bandwidth and optimise performance.
  • Trustworthy patches – Updates are guaranteed authentic by automatic checking of the hash patterns against the vendors’ sites.
  • Flexible legacy deployments – Updates can be set up to apply to specific software versions, enabling full coverage or legacy-specific deployments.
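
An added example, not part of the original article and not either vendor's code: one way to carry out the hash check described under ‘Patch provenance’ and ‘Trustworthy patches’ above, in Python. The file names, payload and manifest are constructed, and a sha256sum-style manifest is assumed; the manifest should come from the vendor over a channel separate from the patch download, otherwise the check only catches corruption.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex digits>  <file name>'."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest = parts[0].lower()
        name = parts[1].lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"not a SHA-256 digest: {parts[0]!r}")
        if entries.get(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name!r}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_patch(path, manifest_text):
    """Return (ok, reason); install only when ok is True."""
    entries = parse_manifest(manifest_text)
    expected = entries.get(os.path.basename(path))
    if expected is None:
        # A file the vendor never listed must fail closed, not pass silently.
        return False, "not listed in manifest"
    if not hmac.compare_digest(sha256_file(path), expected):
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Run the check on constructed files: genuine, tampered, and unlisted."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        patch = os.path.join(tmp, "example-app-1.2.3-patch.bin")  # constructed name
        with open(patch, "wb") as fh:
            fh.write(b"constructed patch payload\n")
        manifest = (
            "# constructed vendor manifest\n"
            f"{sha256_file(patch)} *example-app-1.2.3-patch.bin\n"
        )
        results["genuine"] = verify_patch(patch, manifest)

        with open(patch, "ab") as fh:  # simulate modification after publication
            fh.write(b"extra bytes")
        results["tampered"] = verify_patch(patch, manifest)

        other = os.path.join(tmp, "unlisted-tool.bin")  # constructed name
        with open(other, "wb") as fh:
            fh.write(b"something else\n")
        results["unlisted"] = verify_patch(other, manifest)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```
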

Needless to say, none of this requires the additional cost of an RMM solution, either, but the financial benefits don’t stop there. The Heimdal solution, for example, is available with monthly aggregated billing, so upfront costs are zero and average margin rises with every additional seat.

(Bitdefender are currently pursuing a reseller model with perpetual upfront licensing, but an MSP variant is expected… watch this space!)

Human error: a thing of the patching past?

It’s tempting to see a miracle cure-all in solutions of this kind, but it pays to be appropriately cautious about their market viability.

Security partners can rely on their own product testing, of course – and they certainly should invest time and effort in this.

But the reality is that a security distributor with extensive experience of evaluating hundreds of solutions for sale using their own in-house technical experts is probably a more reliable source for determining the next rising star or the next puff of vapourware.

We like what we see. You should take a look too.

How would your customers feel if they had a Norse warrior stopping malware from reaching their endpoints? Meet Denmark’s Heimdal Security.

In days of old, the sight of Vikings on the horizon was enough to turn decent peasants’ blood to ice.

But the marauding Danes are now playing poacher-turned-gamekeeper – at least in IT security terms.

Because instead of being the threat, they’re now stopping the threats before they make landfall. (Or, at least, before they reach your customers’ endpoints!)

This is what our newest vendor partner Heimdal Security sees as its killer battle cry when compared to traditional endpoint security. And here’s why malware needs to be very afraid of it.

From last-ditch to proactive: endpoint protection transformed

“Form square and stick out your spears” – that’s basically the traditional approach to endpoint protection. Once the problem has hit the machine, the security software rings the panic bell, musters the garrison, and mounts a defence.

We Brits tried that against the (real) Vikings. It didn’t work.

But if we could have spotted their boats as they cast off – or, even better, seen activity on the quayside that indicated an attack being prepared – we could have taken proactive action against them before they reached Blighty.

This is exactly what Heimdal does. Instead of looking at application code and signatures in files that have already entered the endpoint, to work out if there’s a threat, it looks at the undercurrents in the ‘sea’ of network and internet traffic entering and leaving your customers’ businesses, to detect danger before it surfaces.

Rather cleverly, though, this isn’t just about identifying when users are being taken to places they shouldn’t be sailing towards – e.g. malicious websites – and blocking the connection to them before it’s made (although this is certainly important, as we explore below).

It’s also about using advanced machine-learning, heuristics and network forensics to detect apparently harmless network file ‘plankton’ that is in fact fodder for a coming malware attack.

Traditional security protects an endpoint with a last-ditch defence. Heimdal protects it by turning the entire network into a shield wall.

Which one are you betting your krone on?

Multi Layered Security Graphic
Conventional endpoint security is typically missing the traffic-based anti-malware protection that Heimdal delivers.

“Probably the best malware protection in the world…”

The famous Danish beer ad is tongue in cheek. But there’s a serious point to be made here about the strains of malware that Heimdal can protect against that many other security solutions simply can’t.

Take ransomware, for example. Traditional endpoint security looks for malicious code within files, but a ransomware-triggering hyperlink, or instruction to connect to a website, is neither a file nor, in itself, an inherently malicious piece of code. So, the endpoint security software doesn’t spot it.

But Heimdal is looking at the network, not the endpoint. It detects and blocks the malicious connections (to malvertising, legitimate but compromised web banners, malicious iFrames and redirects, botnets etc.) that signal an intention to activate or propagate attack strains like APTs, ransomware, Trojans, polymorphic malware and others.

In short, Heimdal gets stuck into the melee long before the blunt old endpoint battle-axe can!

Automatic software updates: that’s 85% of web app attacks defeated!

Exploit kits and other threats that exploit programs’ existing security weaknesses are a huge worry for traditional endpoint security vendors, because these weaknesses often exist at a lower level than that at which the security solutions operate.

Consequently, exploits can slip underneath the endpoint radar (the bad guys must feel like they’ve died and gone to Valhalla!)

They’re a huge worry for your customers, too, given that some 85% of web app attacks (like the kind that typically trigger ransomware and steal personal financial data) take hold of endpoints through an existing unpatched security hole of this kind.

But here, Heimdal have put a real edge on their sword. They have coupled their network traffic analysis with an automatic software update tool, to ensure that your customers’ internet-facing and non-internet-facing apps – from Acrobat to Audacity, Flash to Firefox, Java to Jitsi, and many others besides – are constantly and automatically updated with the latest security fixes and patches, thus denying exploit kits an entry point.

The most security-critical applications are often those that are not concerned with security at all – how’s that for a typically innovative Scandinavian way of looking at a problem?

Why Heimdal
“Proactive” is a word you’ll hear a lot from Heimdal – and the automatic patching capability that embodies it is a good third of the company’s overall value proposition.

Heimdal: the new word in security

Bloodthirsty or not, the Vikings gave their name to some very beneficial concepts. The word ‘law’ comes into English from their language, for example – and from where we’re sitting it looks like they’ve done it again with ‘Heimdal’!

(Loosely translated, we think the name means: “Stop the thing that’s trying to attack the longboat before it reaches the longboat.” Genius.)

Time some of your customers learnt some Danish, perhaps?

BadRabbit

BadRabbit has munched through cyber-defences, sowing ransomware far and wide. So how does it work? And can you protect your customers against it?

“Run rabbit, run”, goes the song – and ransomware attack BadRabbit has certainly done some running over the past few days!

It has got its teeth into Russia, Ukraine and many other Eastern European countries besides, with some sources also reporting cases in Germany, Turkey, and the US. It seems only a matter of time before it spreads further afield.

So what is BadRabbit – and is there any defence that can protect your customers against it?

What’s up, Doc? What BadRabbit does and how

BadRabbit Screenshot
What users see when BadRabbit bounces into view

BadRabbit is cryptolocker ransomware – it encrypts Windows users’ files using a private key that is known only to the hackers’ own servers. The user must pay for access to this key, in order to decrypt and recover their files (a Bitcoin wallet appears on screen to enable this transaction to take place).

Technically, according to this specialist cyber-security website, BadRabbit is closely related to the recent NotPetya attack, using much of the same code.

However, it executes in a different way, using hacked websites to display a fake Adobe Flash update that, if clicked on, triggers the attack (it drives users to these sites using malicious links.)

Additionally, according to this threat alert website, BadRabbit can move laterally across a network and propagate or spread without user interaction!

Can security vendors stop the naughty bunny?

In short, it seems some of them can.

Bitdefender, for example, states on its website that if your customers are “running a Bitdefender antimalware product for either home or business, you don’t need to worry, as our solutions detect this threat…”

Bitdefender’s inbuilt machine-learning recognises the signs of ransomware and stops it before it can execute

Enabling machine-learning in Trend Micro’s solutions also appears to detect BadRabbit, according to Trend Micro’s website, whilst Malwarebytes states that “Users of Malwarebytes for Windows, Malwarebytes Endpoint Protection, and Malwarebytes Endpoint Security are protected from BadRabbit.”

An interesting take on keeping the cunning coney at bay, however, comes from Heimdal, who point out in this very comprehensive ransomware resource that some 85% of ransomware attacks target vulnerabilities in existing applications.

By this logic, updates to software (and not just security software) are, in themselves, a key anti-ransomware security layer.

Damage caused by Ransomware graphic
The consequences of ransomware. Source: Heimdal Security

What other steps can you take to protect customers against BadRabbit?

For systems admin and IT people, of course, quick technical fixes in the form of ‘kill switches’ or similar are indispensable, and it turns out that BadRabbit, like NotPetya and Goldeneye before it, can be tamed by changing the properties of certain files (scroll down to the bottom of this article to find them).

But fundamentally, ransomware works by holding your customers’ data hostage. If this data is backed up and easily accessible, as we discussed in this recent post, ransomware, by definition, loses pretty much all of its bite.

It’s important, therefore, that you advise your customers well on how to choose an appropriate data backup and recovery solution.

For a comprehensive list of all the other steps your customers need to take to protect themselves against ransomware, this recent article from the Carnegie-Mellon Software Engineering Institute offers some thorough advice.

BadRabbit is on the loose. So share what we’ve told you above with your customers and they’ll be all ears.

Failing to correctly configure your security solutions is one of the biggest risks to you and your customers. Security health checks can prevent it.

So, you’ve got your customers’ security covered from all angles, right?

Layered protection that shares security intelligence across applications. Endpoint security that spots malware traditional anti-virus solutions miss. Machine-learning that gets better and better at understanding threats. Belt and braces.

But then you fail to configure it all correctly and your customers get hit anyway!

Sceptical? Look at Amazon’s AWS solution, which has suffered a number of critical security and other misconfigurations, resulting in compromised user data.

Read Gartner, who say that in 2017 misconfiguration will be the most common source of breaches in mobile applications.

And take heed of the Infosec Institute, who place security misconfiguration right in the middle of the top ten cyber-risks in 2017.

Whichever way you slice it, the evidence shows that even the cleverest solutions can be useless if they’re not set up correctly – but how do you go about making sure the security solutions you deliver don’t fall into this trap?

Health checks: an MOT for your security solutions

The answer isn’t rocket science, but it is common sense.

You get your car checked out regularly to ensure it’s running as it should, and to inform you of any action you need to take to keep it fit for purpose. Essentially, it’s a health check for your motor – and you can do exactly the same for the security solutions and services you deliver.

But the even better news is that the security health check is often far less disruptive and time-consuming than taking your car to the local garage. This is because the health check can often be performed by an engineer remotely, using the same web consoles you use to deliver and manage your security offerings every day.

As the engineer finds configuration faults or errors, they document these in a report that includes recommendations for the actions you need to take to fix them.

Who delivers security health checks, and what do they cover?

Where and how you get your security health checks often depends on the support and services arrangements you have with the vendors of the security solutions you sell – although this is not the only way to access them.

You could, for example, go through a specialist security software distributor who has vendor-accredited technical expertise in-house. This means you get vendor-quality product knowledge but through an organisation that is typically smaller, more agile and delivers a more personal service.

Typically, a product security health check delivered in this way will cover the full spectrum of security configuration points (it could be 60 or more) that can become an issue if not properly attended to, including (amongst others):

  • Unresolved malware
  • Patching and security updates
  • Licence status
  • Choice of deployed modules and scan engines
  • Policy and protection compliance
  • Impending end-of-life, end of support, and other OS-related issues
  • Settings (e.g. threat sensitivity); options enabled and disabled
  • Identification and authentication

Security health checks: who fixes what’s not working?

If you have technically proficient people in your organisation, they can of course take the recommendations of the health check report and act on them.

But how does it work if you haven’t got the necessary technical resources?

Again, think of your car: you have no hesitation in handing over your keys to a trusted specialist to carry out work you couldn’t. Depending on who you get your security health check services from, the same model is potentially available – hands-on, on-site corrective work, billed according to an agreed estimate of the time it takes to complete the job.

(But no expensive mechanical components to cause the sucking in of air between the teeth, of course!)

Insights: safer than consequences

“Prevention is better than cure”, runs the old adage – but when there’s no cure available, the need for prevention becomes even more urgent.

Sadly, you can’t “cure” breach and theft of your customers’ data, for example – once the data’s been taken, it’s an irreversible action.

And if it occurs because a solution you provide wasn’t set up correctly or hadn’t been kept up to date, the legal, reputational and financial consequences for your organisation – particularly under the imminent GDPR regulations – would be severe.

But regular insight into the status of your security solutions and how they have (or haven’t) been applied can wrongfoot the risk before it trips you up.

A healthier situation all round.

Hosted Email Security (HES) is the latest Trend Micro solution to wear the xGen badge. We take a brief look at the machine learning benefits behind the brand.

For both MSPs and resellers, Trend Micro’s Hosted Email Security (HES) has always been a compelling sell, delivering powerful, serverless email protection for customers with limited IT resources.

But whereas the rest of Trend’s Worry-Free Business Security Services solutions have already been plugged into the Predictive Machine Learning technology that is one of the features of the newly minted xGen brand, HES (perhaps because it’s also available as a standalone solution, outside of Worry-Free) hadn’t been – until now.

Here are some of the benefits that ‘xGenned’ HES now delivers to end-users.

Zero-day and unknown threats detected

With the threat landscape evolving at bewildering speed, checking chunks of code against databases of the known ‘usual suspects’ is only fractionally effective.

Instead, security solutions now need to detect hitherto unknown and unidentified threats, too, as we described in a recent post - and this is exactly what the Predictive Machine Learning in HES now enables it to do.

Predictive Machine Learning uses advanced file feature analysis to ascertain both the probability that a threat exists in a file, and the probable file type – and, of course, because it is learning from each example, it gets better as it goes.

Dangerous files and processes neutralised

Once the machine learning process has identified an unknown or zero-day threat, it can then take action to keep end-users protected.

If the threat is file-based, for example, the solution will quarantine the files in question, to stop the threat from spreading across users’ networks.

HES shares its newfound machine learning capabilities not only with Trend’s Worry-Free Business Security Services solutions but also with OfficeScan, so this more detailed explanation of the latter’s Predictive Machine Learning features, and how they work, is worth a read.

No more multiple login hell

Bringing HES into the xGen fold appears to have prompted some other helpful alignments with existing Trend solutions, too (although, in truth, these don’t have much to do with machine learning!)

There’s a lot less cumbersome clickery involved, for a start. For example, you can now jump directly from HES into the management console of the Cloud App Security solution, whereas before you’d have had to go from the Customer Licensing Portal (CLP) to HES, then back to CLP in order to reach Cloud App Security.

This is important for two reasons: firstly, to stop you losing the will to live. And secondly, because it’s a significant improvement to the overall email security workflow (Cloud App Security is needed to provide Exchange Online mail store scans as well as inspection of internal email traffic - so an easy hook-up to it is a must).

In short, HES is going through the same operator-friendly evolution as many other Trend solutions - getting rid of fiddly separate passwords for each service.

Ultimately, this helps partners work more efficiently and thus cut down on admin overheads, but also it makes for smoother service delivery.

HES: an xGen latecomer poised to deliver

It’s worth noting that HES has also recently benefited from an overhauled interface, improved data insights, enhanced Time-of-Click web protection, and other additional refinements, as explored in this post - so it certainly hasn’t been standing still.

But it has moved at a different speed to the rest of the xGen stable, and it’s good news for security resellers and MSPs alike that they can now tell their customers the gap is being closed!

Joining an MSP program can work wonders with channel partners’ balance sheets, as our friends at Trend Micro explain in this blog!

We’re always keen to share compelling insight from our vendor partners, and Trend Micro have nailed it with their blog Five reasons you need to join an MSP program….today!

So with thanks to the guys at Trend, we’ve condensed it below. (And if you like what you see, come and talk to us about the MSP solutions we offer!)

Five reasons you need to join an MSP program… today!

1. Better margins

It is not uncommon for our partners to earn in excess of 100% profit margin on the security solutions they are providing to their customers as part of their managed service agreements, which is probably a much higher percentage than what you are earning now if you are just buying annual licenses when your customers’ licenses expire.

Let me explain how in two words: aggregate pricing. Put simply, MSP programs typically offer pricing on an aggregate seat count basis, which means that you are paying for licenses based on the total number of clients you currently manage. This can be a significant difference as business grows and you move into cheaper and cheaper seat bands. To figure out just how much margin you are missing out on, ask your vendor how much it costs per seat in the lowest price band (typically five to 25 seats) vs. the cost per seat in the price band that represents your entire customer base. That number is the extra margin you are missing out on.

2. Predictable revenue stream

Compared to the feast-or-famine nature of revenue in a break-fix business model, predictability is one of the primary benefits of being a managed service provider. Joining an MSP program helps you further streamline and predict both the revenue from your customers, as well as your service delivery costs.

This one is a bit of a twofer since you can more easily calculate revenue projections and do forecasting into the future. You can also calculate cost projections and get a much better understanding of the health and future growth potential of your business. The icing on the cake is that the value of your business increases as well as your revenue streams–a critical component of your exit strategy.

3. Multiple recurring revenue streams

The great thing about being an MSP is that you are forced to heavily focus on automation and repeatability since controlling costs directly impacts your bottom line. Once you’ve joined an MSP program, you will generally have the ability to create multiple recurring revenue streams if they have a broad product portfolio. Once you have created processes and trained your staff around the tools provided as part of the MSP program it’s very easy to “turn on” any additional products your vendor may offer across your entire customer base. This can be done in a very efficient and cost-effective manner, with each of these products representing an additional recurring revenue stream and more profit.

4. Moving from CapEx to OpEx

There may be some tax and accounting benefits to joining an MSP program and moving from purchasing annual licenses upfront for your customers to paying for licenses monthly or quarterly — or moving from CapEx to OpEx. The main benefit is the ability to recognize deductions completely in the current period vs. recognizing them over the useful life of an asset (that is, if you buy a three-year license and deduct it over those three years).

Disclaimer: We are a cybersecurity company, not tax experts. Therefore, we highly recommend discussing this with your accountant or tax professional to weigh the pros and cons and how it may affect your business specifically.

5. Elimination of renewals

Lastly, a good MSP program will give you complete control over license management and provisioning from a self-service portal. This allows you not only to provision licenses when you need them (think evening or weekend deployment when you forgot to place an order three days in advance), but also to eliminate all the hassles, complexity and costs associated with renewals. In essence, since you have complete control over the licenses, an expiration date is no longer necessary–you can simply cancel the license when you need to.

If you’ve never figured out what it costs you to track disparate expiration dates across your entire customer base for every product, to request quotes from your vendors, to create invoices for your customers, to follow-up on payments from your customers, and to submit payments to your vendors just to renew a product, then you probably should! Most partners we meet who go through this exercise are shocked to find out they often lose money on smaller customers because they did not factor the costs of renewing into their pricing or business model.

Although there are so many more reasons to join an MSP program as soon as possible, these are our top five reasons you should be seriously considering becoming part of one…

Blue Solutions is a specialist security software distributor with many years’ experience in helping partners take their MSP security proposition to market. To talk to us about our range of MSP security solutions, get in touch.